2fed08282ba14e8a1c1d1162be7babef35710926516b48435fa7bb37412a2b03

Analysis

max time kernel
136s
max time network
147s
platform
windows10-2004_x64
resource
win10v2004-20231023-en
resource tags

arch:x64arch:x86image:win10v2004-20231023-enlocale:en-usos:windows10-2004-x64system
submitted
28/10/2023, 20:14

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

NEAS.d208a6eb6ddf3f3e78547dd6a3ea3e30.exe
Size

896KB
MD5

d208a6eb6ddf3f3e78547dd6a3ea3e30
SHA1

7449ac20c466dfa6220945d071e77f72663fe189
SHA256

2fed08282ba14e8a1c1d1162be7babef35710926516b48435fa7bb37412a2b03
SHA512

f1b318e84f5b5966efa97fdda4168176d49f19f7f17b05de403b3b4a77c264ed64eab98c9e19ba2c8925561a63ed8beec9af7a0012c327a0687be29d22a340f9
SSDEEP

24576:uaOiQScChlRnlNozcaBmEIp9pjsDyLZmN1VUZmSo2aI7:uaOiQWlRnlM19Iv2DeZmXiZmSonI7

Score

10^/10

dropper persistence trojan

Malware Config

Signatures

Malware Backdoor - Berbew 2 IoCs

Berbew is a malware infection classified as a 'backdoor' Trojan. This malicious program's primary function is to cause chain infections - it can download/install additional malware such as other Trojans, ransomware, and cryptominers.

persistence dropper trojan

resource	yara_rule
behavioral2/files/0x00090000000222f4-2.dat	family_berbew
behavioral2/files/0x00090000000222f4-3.dat	family_berbew

Deletes itself 1 IoCs

pid	Process
2252	A009.tmp

Executes dropped EXE 1 IoCs

pid	Process
2252	A009.tmp

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2388 wrote to memory of 2252	2388	NEAS.d208a6eb6ddf3f3e78547dd6a3ea3e30.exe	85
PID 2388 wrote to memory of 2252	2388	NEAS.d208a6eb6ddf3f3e78547dd6a3ea3e30.exe	85
PID 2388 wrote to memory of 2252	2388	NEAS.d208a6eb6ddf3f3e78547dd6a3ea3e30.exe	85

C:\Users\Admin\AppData\Local\Temp\NEAS.d208a6eb6ddf3f3e78547dd6a3ea3e30.exe
"C:\Users\Admin\AppData\Local\Temp\NEAS.d208a6eb6ddf3f3e78547dd6a3ea3e30.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2388
- C:\Users\Admin\AppData\Local\Temp\A009.tmp
  "C:\Users\Admin\AppData\Local\Temp\A009.tmp"
  2⤵
  - Deletes itself
  - Executes dropped EXE
  PID:2252

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\A009.tmp

Filesize
896KB

MD5
b6ff71613b47fc3916e35ccbe1bc8787

SHA1
8152ceba09d1d320fbbb86566f2b60c18309d0dc

SHA256
3975b5bcb622de7bae47c3116393b9682bb58b9d5ff6ce9db8f828378c1153ef

SHA512
eba05ab4fc782b9984d34fddec612e96da59e522c6cd1cf44efd1dbfe311a7747148cd1a82c4fa6c0f2401779b5441f531d0fdeaff07edc7657f6834fcaffa38

Download Submit
C:\Users\Admin\AppData\Local\Temp\A009.tmp

Filesize
896KB

MD5
b6ff71613b47fc3916e35ccbe1bc8787

SHA1
8152ceba09d1d320fbbb86566f2b60c18309d0dc

SHA256
3975b5bcb622de7bae47c3116393b9682bb58b9d5ff6ce9db8f828378c1153ef

SHA512
eba05ab4fc782b9984d34fddec612e96da59e522c6cd1cf44efd1dbfe311a7747148cd1a82c4fa6c0f2401779b5441f531d0fdeaff07edc7657f6834fcaffa38

Download Submit